Hello,

On Wednesday March 11, 2009 13:53:48 Jorge Vargas wrote:
> I sat down today to do a real registration page for codemill and
> (possibly the start of tgext.registation)
>
> here is what I got so far http://paste.turbogears.org/paste/38205
>
> which is very disappointing :(
> 71 LOC and some very cryptic ones.

Definitely. And that predicate has to be made over, I'd suggest you check the 
repoze.what docs.

I'd do:
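from repoze.what.predicates import Predicate

class self_user(Predicate):
    # The placeholder needs the trailing "s" conversion to be interpolated
    message = "Only %(user)s can access her own info"

    def evaluate(self, environ, credentials):
        vars = self.parse_variables(environ)
        # Assuming you have routes like "/users/:username:/:action:"
        req_user = vars.named_args.get('username')
        # Deny unless the user named in the route is the authenticated user
        if req_user != credentials.get('repoze.what.userid'):
            self.unmet(user=req_user)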

Note that in this situation there's no reason to use the database.


> 2- We need a better way to attach a predicate to an exposed method, +4
> LOC for each one is not fun.

I have no idea what you mean by that. What 4 LOC per exposed action?


> 3- why repoze.what made All ? can't we use any/all from python we have
> plenty of ways of providing that in the TG1 codebase

There's no way to do that. They need the environ to be evaluated.


> 4- look at how awful is that custom predicate to simply figure out if
> the current user is the one trying to be edited, I have left the
> pprint in there to give you an idea of how horrible it was for me to
> find out how to query for him.

(Answered above)


> 4.1- why is repoze.what.userid == User.user_name ??

Don't ask me, you wrote it ;-) I don't even know you used the DB =)


> 4.2- there was to be a better way to know if the current user is able
> to edit the current resource

There is, and all that is documented. That'd be the self_user predicate above, 
in your situation.


> 4.3- my code is very very ugly and will probably break in a very easy
> way. like going to (http://localhost:8080/register/edit)

That's up to your routing settings, it has nothing to do with repoze.what.


> 6- I couldn't think of a sane way of doing
> if user = admin:
>     edit_form = full_user_form
> elif user = current:
>     edit_form = limited_user_form
> else:
>     abort(403)

For example,
"""
@expose('coolpackage.cooltemplate')
@require(Any(is_user('admin'), self_user()))
def edit(self, username):
    if 'admin' == request.identity.get('repoze.who.userid'):
        c.edit_form = full_user_form
    else:
        c.edit_form = limited_user_form
    return {'username': username}
"""

or,
"""
@expose('coolpackage.cooltemplate')
@require(Any(in_group('admins'), self_user()))
def edit(self, username):
    if in_group('admins').is_met(request.environ):
        c.edit_form = full_user_form
    else:
        c.edit_form = limited_user_form
    return {'username': username}
"""

By the way, in your subject you talk about tgext.crud and repoze.what 
integration, but I couldn't find anything in your email which talks about such 
integration. Did you forget to include something?

Saludos!
-- 
Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
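
Added example, not part of the original message and not repoze.what or TurboGears code: a stand-alone sketch of the owner-or-admin check discussed above, showing that a bare equality test also matches when the route carries no username and the request carries no userid, next to a stricter form. The function names, the sample environs and the "groups" entry in the credentials dict are assumptions made for this illustration.

```python
# Added illustration: stand-alone, does not import repoze.what.
# All names and sample environs below are constructed for this example.

class Denied(Exception):
    """Stand-in for the 403 response the framework would send."""

def request_facts(environ):
    """Return (requested username, authenticated userid, groups)."""
    # wsgiorg.routing_args is a (positional_args, named_args) pair.
    named = environ.get("wsgiorg.routing_args", ((), {}))[1]
    # Assumption: credentials live under this key, with a "groups" entry.
    creds = environ.get("repoze.what.credentials", {})
    return (named.get("username"), creds.get("repoze.what.userid"),
            creds.get("groups", ()))

def self_user_plain(environ):
    """Bare comparison: both sides may be None and still compare equal."""
    req_user, userid, _ = request_facts(environ)
    return req_user == userid

def self_user_strict(environ):
    """Same comparison, but a missing value on either side never matches."""
    req_user, userid, _ = request_facts(environ)
    return bool(req_user) and bool(userid) and req_user == userid

def pick_edit_form(environ):
    """Admins get the full form, the account owner the limited one."""
    _, _, groups = request_facts(environ)
    if "admins" in groups:
        return "full_user_form"
    if self_user_strict(environ):
        return "limited_user_form"
    raise Denied("not an admin and not the account owner")

def make_environ(route_user=None, userid=None, groups=()):
    """Build a constructed WSGI environ for the cases below."""
    named = {"username": route_user} if route_user else {}
    creds = {"repoze.what.userid": userid, "groups": groups} if userid else {}
    return {"wsgiorg.routing_args": ((), named),
            "repoze.what.credentials": creds}

if __name__ == "__main__":
    for label, env in [("owner", make_environ("alice", "alice")),
                       ("other user", make_environ("alice", "bob")),
                       ("anonymous, no route username", make_environ())]:
        print(label, self_user_plain(env), self_user_strict(env))
```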
